FortiGate
rmetzger
Staff
Article Id 196735

Description

This article describes how to view log entries from the FortiGate CLI.


Scope

All FortiOS versions.


Solution

It is assumed that Memory and/or Disk/Faz/FDS logging is enabled on the FortiGate and that other log options are enabled (at Protection Profile level, for example).
 
1. Set up the filter(s) for the logs to be displayed
 
FGT# execute log filter device 1
Available devices:
0: memory
1: disk
2: fortianalyzer
3: fortianalyzer-cloud
4: forticloud
FGT# execute log filter category 3
Available categories:
0: traffic
1: event
2: utm-virus
3: utm-webfilter
4: utm-ips
5: utm-emailfilter
7: utm-anomaly
8: utm-voip
9: utm-dlp
10: utm-app-ctrl
12: utm-waf
15: utm-dns
16: utm-ssh
17: utm-ssl
19: utm-file-filter
20: utm-icap
22: utm-sctp-filter
23: forti-switch
 
NOTE: Some categories may not be available on some FortiOS versions.

To define the number of lines to display:
FGT# execute log filter view-lines 100

Other available filter options:
FGT # execute log filter ?
category              Category.
device                Device to get log from.
dump                  Dump current filter settings.
field                 Filter by field.
free-style            Filter by free-style expression.
ha-member             HA member.
local-search-mode     local log search mode
max-checklines        Maximum number of lines to check.
pre-fetch-pages       Number of pages to check in advance under on-demand log search mode.
reset                 Reset filter.
start-line            Start line to display.
view-lines            Lines per view.

 
2. Check all filter settings
 
FGT# execute log filter dump
category: webfilter
device: memory
roll: 0
start-line: 1
view-lines: 100
 

3. View the logs corresponding to the filter
 
FGT# execute log display
1 logs found.
1 logs returned.
1: 2009-09-21 08:42:00 log_id=0314012288 type=webfilter subtype=content pri=warning fwver=040000 vd="root" policyid=1 serial=1437 user="N/A" group="N/A" src=10.160.1.10 sport=2061 src_int="port2" dst=x.y.z.t dport=80 dst_int="port1" service=http hostname="www.fortinet.com" profile="web" req_type=referral url="/products/" status=blocked agent="N/A" from="N/A" to="N/A" banword="Network" msg="URL was blocked because it contained banned word(s)."
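
When the output of step 3 is captured from a CLI session for triage, the key=value entries can be split into fields offline. The following Python sketch is an added example, not part of the original article or any Fortinet tooling; the function names are hypothetical, the sample is the entry above trimmed to fewer fields, and it goes slightly beyond the page by also accepting entries that carry date= and time= as ordinary fields (an assumption about other FortiOS builds).

```python
import re

# Constructed sample: the step 3 output from this page, trimmed to fewer fields.
SAMPLE = (
    "1 logs found.\n"
    "1 logs returned.\n"
    '1: 2009-09-21 08:42:00 log_id=0314012288 type=webfilter subtype=content '
    'pri=warning vd="root" policyid=1 src=10.160.1.10 sport=2061 dst=x.y.z.t '
    'dport=80 hostname="www.fortinet.com" url="/products/" status=blocked '
    'banword="Network" '
    'msg="URL was blocked because it contained banned word(s)."\n'
)

COUNT = re.compile(r"^(\d+) logs (found|returned)\.$")
# Entry number, then an optional "date time" prefix as shown on this page.
# Assumption: other FortiOS builds carry date=/time= as ordinary fields instead.
ENTRY = re.compile(r"^(\d+): (?:(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) )?(.*)$")
# key=value where the value is either double-quoted (may hold spaces) or bare.
PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S*)')


def parse_display(text):
    """Parse `execute log display` output into (counts, entries)."""
    counts, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = COUNT.match(line)
        if m:
            counts[m.group(2)] = int(m.group(1))
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # prompt echo, blank line, or anything unrecognised
        rec = {"index": int(m.group(1))}
        if m.group(2):
            rec["date"], rec["time"] = m.group(2), m.group(3)
        for key, val in PAIR.findall(m.group(4)):
            # Strip surrounding quotes; values stay strings so log_id keeps its leading zero.
            quoted = len(val) >= 2 and val[0] == val[-1] == '"'
            rec[key] = val[1:-1] if quoted else val
        entries.append(rec)
    return counts, entries


def blocked_web_requests(entries):
    """Return (src, hostname + url, msg) for webfilter entries with status=blocked."""
    return [(e.get("src"), e.get("hostname", "") + e.get("url", ""), e.get("msg"))
            for e in entries
            if e.get("type") == "webfilter" and e.get("status") == "blocked"]
```

Calling `parse_display(SAMPLE)` yields the two counters and one dictionary per entry, which `blocked_web_requests` reduces to the source address, requested URL and block reason.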

 

Related Articles

Technical Tip : How to delete FortiGate log entries stored in memory or local disk